package com.button.admin.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

import de.codecentric.boot.admin.server.config.AdminServerProperties;

@Configuration
public class SecuritySecureConfig extends WebSecurityConfigurerAdapter {

    private final String adminContextPath;

    public SecuritySecureConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");


        http.authorizeRequests() // 授予对所有静态资产和登录页面的公共访问权限。
                        .antMatchers(adminContextPath + "/assets/**").permitAll().antMatchers(adminContextPath + "/login").permitAll() // 必须对每个其他请求进行身份验证
                        .anyRequest().authenticated().and() // 配置登录和注销
                        .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
                        .logout().logoutUrl(adminContextPath + "/logout").and() // 启用HTTP-Basic支持。这是Spring
                                                                                // BootAdmin
                                                                                // Client注册所必需的
                        .httpBasic().and();

        http.authorizeRequests().antMatchers(adminContextPath + "/assets/**").permitAll()
                        .antMatchers(adminContextPath + "/login").permitAll().anyRequest().authenticated().and().formLogin()
                        .loginPage(adminContextPath + "/login").successHandler(successHandler).and().logout()
                        .logoutUrl(adminContextPath + "/logout").and().httpBasic().and().csrf()
                        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                        .ignoringAntMatchers(adminContextPath + "/instances", adminContextPath + "/actuator/**");
    }

}
